A new study on encryption confirms what experts have been telling politicians for years

You can't ban encryption. It just won't work.

Noted cryptographer Bruce Schneier, along with Kathleen Seidel and Saranya Vijayakumar, set out to perform a "worldwide survey of encryption products" and software being developed in 36 different jurisdictions, including the US.

The implication: "Any mandatory backdoor will be ineffective simply because the marketplace is so international."

The study matters because it comes at a time of significant pressure from law enforcement in the US and elsewhere to force tech companies to introduce backdoors into encryption software to allow access when required. (We first read the study over on The Daily Dot.)

But there's also the pragmatic argument that any ban just won't work. Schneier et al.'s study backs this up.

Even if the US, or Britain, banned encryption, the terrorists/paedophiles/criminals that law enforcement are after can simply switch to software made in any of the other three dozen countries around the world that have encryption product developers.

The US, though (fairly) regarded as the heart of the international tech community, does not have significantly more sophisticated products available, the study found. "There is no reason to believe that foreign-designed or foreign-developed encryption products are any worse (or better) than their US counterparts," it says. "Cryptography is very much a worldwide academic discipline, as evidenced by the quantity and quality of research papers and academic conferences from countries other than the US."

34% of the products surveyed are open source — meaning that even if every single country in the world decided to band together to ban encryption, rogue developers could still use this code to continue to develop encryption products underground.

But that isn't going to happen: Germany and the Netherlands have both "publicly disavowed backdoors in encryption products," the study points out — and have more than 130 encryption products between them.

The study concludes: "It is easy to purchase products, especially software products, that are sold anywhere in the world from everywhere in the world. Encryption products come from all over the world. Any national law mandating encryption backdoors will overwhelmingly affect the innocent users of those products. Smart criminals and terrorists will easily be able to switch to more-secure alternatives."